From owner-svn-src-all@FreeBSD.ORG Tue Mar 25 12:12:38 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AD2BC69A; Tue, 25 Mar 2014 12:12:38 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 8C46B257; Tue, 25 Mar 2014 12:12:38 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s2PCCcaU072398; Tue, 25 Mar 2014 12:12:38 GMT (envelope-from trasz@svn.freebsd.org) Received: (from trasz@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s2PCCb7A072391; Tue, 25 Mar 2014 12:12:37 GMT (envelope-from trasz@svn.freebsd.org) Message-Id: <201403251212.s2PCCb7A072391@svn.freebsd.org> 
From: Edward Tomasz Napierala
Date: Tue, 25 Mar 2014 12:12:37 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject: svn commit: r263724 - stable/10/usr.sbin/ctld
X-SVN-Group: stable-10
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 25 Mar 2014 12:12:38 -0000
Author: trasz
Date: Tue Mar 25 12:12:37 2014
New Revision: 263724
URL: http://svnweb.freebsd.org/changeset/base/263724
Log:
MFC r261758:
Add auth-type.
Sponsored by: The FreeBSD Foundation
Modified:
stable/10/usr.sbin/ctld/ctl.conf.5
stable/10/usr.sbin/ctld/ctld.c
stable/10/usr.sbin/ctld/ctld.h
stable/10/usr.sbin/ctld/parse.y
stable/10/usr.sbin/ctld/token.l
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/usr.sbin/ctld/ctl.conf.5
==============================================================================
--- stable/10/usr.sbin/ctld/ctl.conf.5 Tue Mar 25 12:10:30 2014 (r263723)
+++ stable/10/usr.sbin/ctld/ctl.conf.5 Tue Mar 25 12:12:37 2014 (r263724)
@@ -101,6 +101,11 @@ Setting it to 0 disables the timeout.
 .Ss auth-group level
 The following statements are available at the auth-group level:
 .Bl -tag -width indent
+.It Ic auth-type Ao Ar type Ac
+Specifies authentication type.
+Type can be either "none", "chap", or "chap-mutual".
+In most cases it is not neccessary to set the type using this clause;
+it is usually used to disable authentication for a given auth-group.
 .It Ic chap Ao Ar user Ac Aq Ar secret
 Specifies CHAP authentication credentials.
 .It Ic chap-mutual Ao Ar user Ac Ao Ar secret Ac Ao Ar mutualuser Ac Aq Ar mutualsecret
@@ -147,6 +152,13 @@ There is no default; every target must u
 or chap, or chap-mutual statements.
 A special auth-group, "no-authentication", may be used to permit access without authentication.
+.It Ic auth-type Ao Ar type Ac
+Specifies authentication type.
+Type can be either "none", "chap", or "chap-mutual".
+In most cases it is not neccessary to set the type using this clause;
+it is usually used to disable authentication for a given target.
+This clause is mutually exclusive with auth-group; one cannot use
+both in a single target.
 .It Ic chap Ao Ar user Ac Aq Ar secret
 Specifies CHAP authentication credentials.
 Note that targets must use either auth-group, or chap,
Modified: stable/10/usr.sbin/ctld/ctld.c
==============================================================================
--- stable/10/usr.sbin/ctld/ctld.c Tue Mar 25 12:10:30 2014 (r263723)
+++ stable/10/usr.sbin/ctld/ctld.c Tue Mar 25 12:12:37 2014 (r263724)
@@ -417,6 +417,58 @@ auth_group_find(struct conf *conf, const
 return (NULL);
 }
+static int
+auth_group_set_type(struct auth_group *ag, int type)
+{
+
+ if (ag->ag_type == AG_TYPE_UNKNOWN) {
+ ag->ag_type = type;
+ return (0);
+ }
+
+ if (ag->ag_type == type)
+ return (0);
+
+ return (1);
+}
+
+int
+auth_group_set_type_str(struct auth_group *ag, const char *str)
+{
+ int error, type;
+
+ if (strcmp(str, "none") == 0) {
+ type = AG_TYPE_NO_AUTHENTICATION;
+ } else if (strcmp(str, "chap") == 0) {
+ type = AG_TYPE_CHAP;
+ } else if (strcmp(str, "chap-mutual") == 0) {
+ type = AG_TYPE_CHAP_MUTUAL;
+ } else {
+ if (ag->ag_name != NULL)
+ log_warnx("invalid auth-type \"%s\" for auth-group "
+ "\"%s\"", str, ag->ag_name);
+ else
+ log_warnx("invalid auth-type \"%s\" for target "
+ "\"%s\"", str, ag->ag_target->t_name);
+ return (1);
+ }
+
+ error = auth_group_set_type(ag, type);
+ if (error != 0) {
+ if (ag->ag_name != NULL)
+ log_warnx("cannot set auth-type to \"%s\" for "
+ "auth-group \"%s\"; already has a different "
+ "type", str, ag->ag_name);
+ else
+ log_warnx("cannot set auth-type to \"%s\" for target "
+ "\"%s\"; already has a different type",
+ str, ag->ag_target->t_name);
+ return (1);
+ }
+
+ return (error);
+}
+
 static struct portal *
 portal_new(struct portal_group *pg)
 {
Modified: stable/10/usr.sbin/ctld/ctld.h
==============================================================================
--- stable/10/usr.sbin/ctld/ctld.h Tue Mar 25 12:10:30 2014 (r263723)
+++ stable/10/usr.sbin/ctld/ctld.h Tue Mar 25 12:12:37 2014 (r263724)
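Review bot: In auth_group_set_type_str both error paths for an anonymous group dereference `ag->ag_target->t_name` with no NULL check; the parse.y caller assigns ag_target right before calling, but any other caller that builds a group with auth_group_new(conf, NULL) and reaches this function would crash on a bad auth-type instead of reporting it. Making the contract explicit with `assert(ag->ag_target != NULL);` ahead of the else branches, or a guard that falls back to a message without the target name, would be cheap. The closing `return (error);` is only reached when error is 0, so `return (0);` states the intent more plainly. Whether a `chap` entry added after `auth-type none` in the same group is also rejected depends on auth_new_chap calling the static auth_group_set_type, which is outside this hunk; that is worth confirming, since a group typed "none" that still carries credentials would presumably be treated as unauthenticated.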
@@ -197,6 +197,8 @@ int conf_verify(struct conf *conf);
 struct auth_group *auth_group_new(struct conf *conf, const char *name);
 void auth_group_delete(struct auth_group *ag);
 struct auth_group *auth_group_find(struct conf *conf, const char *name);
+int auth_group_set_type_str(struct auth_group *ag,
+ const char *type);
 const struct auth *auth_new_chap(struct auth_group *ag, const char *user, const char *secret);
Modified: stable/10/usr.sbin/ctld/parse.y
==============================================================================
--- stable/10/usr.sbin/ctld/parse.y Tue Mar 25 12:10:30 2014 (r263723)
+++ stable/10/usr.sbin/ctld/parse.y Tue Mar 25 12:12:37 2014 (r263724)
@@ -57,10 +57,10 @@ extern void yyrestart(FILE *);
 %}
-%token ALIAS AUTH_GROUP BACKEND BLOCKSIZE CHAP CHAP_MUTUAL CLOSING_BRACKET
-%token DEBUG DEVICE_ID DISCOVERY_AUTH_GROUP INITIATOR_NAME INITIATOR_PORTAL
-%token LISTEN LISTEN_ISER LUN MAXPROC NUM OPENING_BRACKET OPTION PATH PIDFILE
-%token PORTAL_GROUP SERIAL SIZE STR TARGET TIMEOUT
+%token ALIAS AUTH_GROUP AUTH_TYPE BACKEND BLOCKSIZE CHAP CHAP_MUTUAL
+%token CLOSING_BRACKET DEBUG DEVICE_ID DISCOVERY_AUTH_GROUP INITIATOR_NAME
+%token INITIATOR_PORTAL LISTEN LISTEN_ISER LUN MAXPROC NUM OPENING_BRACKET
+%token OPTION PATH PIDFILE PORTAL_GROUP SERIAL SIZE STR TARGET TIMEOUT
 %union {
@@ -145,6 +145,8 @@ auth_group_entries:
 ;
 auth_group_entry:
+ auth_group_auth_type
+ |
 auth_group_chap
 |
 auth_group_chap_mutual
@@ -154,6 +156,17 @@ auth_group_entry:
 auth_group_initiator_portal
 ;
+auth_group_auth_type: AUTH_TYPE STR
+ {
+ int error;
+
+ error = auth_group_set_type_str(auth_group, $2);
+ free($2);
+ if (error != 0)
+ return (1);
+ }
+ ;
+
 auth_group_chap: CHAP STR STR
 {
 const struct auth *ca;
@@ -299,6 +312,8 @@ target_entry:
 |
 target_auth_group
 |
+ target_auth_type
+ |
 target_chap
 |
 target_chap_mutual
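Review bot: The new prototype names its second parameter `type` while the definition in ctld.c names it `str` and the parser passes the textual auth-type, so the header reads as if the function took an AG_TYPE_* value. Keeping the name consistent, `int auth_group_set_type_str(struct auth_group *ag, const char *str);`, avoids that misreading; the neighbouring prototypes in this hunk all match their definitions.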
@@ -330,7 +345,7 @@ target_auth_group: AUTH_GROUP STR
 log_warnx("auth-group for target \"%s\" "
 "specified more than once", target->t_name);
 else
-log_warnx("cannot mix auth-group with explicit "
+log_warnx("cannot use both auth-group and explicit "
 "authorisations for target \"%s\"",
 target->t_name);
 return (1);
@@ -345,14 +360,40 @@ target_auth_group: AUTH_GROUP STR
 }
 ;
+target_auth_type: AUTH_TYPE STR
+ {
+ int error;
+
+ if (target->t_auth_group != NULL) {
+ if (target->t_auth_group->ag_name != NULL) {
+ log_warnx("cannot use both auth-group and "
+ "auth-type for target \"%s\"",
+ target->t_name);
+ return (1);
+ }
+ } else {
+ target->t_auth_group = auth_group_new(conf, NULL);
+ if (target->t_auth_group == NULL) {
+ free($2);
+ return (1);
+ }
+ target->t_auth_group->ag_target = target;
+ }
+ error = auth_group_set_type_str(target->t_auth_group, $2);
+ free($2);
+ if (error != 0)
+ return (1);
+ }
+ ;
+
 target_chap: CHAP STR STR
 {
 const struct auth *ca;
 if (target->t_auth_group != NULL) {
 if (target->t_auth_group->ag_name != NULL) {
-log_warnx("cannot mix auth-group with explicit "
-"authorisations for target \"%s\"",
+log_warnx("cannot use both auth-group and "
+"chap for target \"%s\"",
 target->t_name);
 free($2);
 free($3);
@@ -381,8 +422,8 @@ target_chap_mutual: CHAP_MUTUAL STR STR
 if (target->t_auth_group != NULL) {
 if (target->t_auth_group->ag_name != NULL) {
-log_warnx("cannot mix auth-group with explicit "
-"authorisations for target \"%s\"",
+log_warnx("cannot use both auth-group and "
+"chap-mutual for target \"%s\"",
 target->t_name);
 free($2);
 free($3);
@@ -418,7 +459,7 @@ target_initiator_name: INITIATOR_NAME ST
 if (target->t_auth_group != NULL) {
 if (target->t_auth_group->ag_name != NULL) {
-log_warnx("cannot mix auth-group with "
+log_warnx("cannot use both auth-group and "
 "initiator-name for target \"%s\"",
 target->t_name);
 free($2);
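Review bot: In the new target_auth_type rule the "cannot use both auth-group and auth-type" branch returns 1 without releasing the STR token, whereas the sibling auth_group_new failure branch and the target_chap rule directly below both free `$2` before returning; the lexer-allocated string leaks on that error path. Add `free($2);` before that `return (1);`, or move the `free($2)` call ahead of the checks so every exit releases it. The other hunks in this group only reword messages and need no change.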
@@ -445,7 +486,7 @@ target_initiator_portal: INITIATOR_PORTA
 if (target->t_auth_group != NULL) {
 if (target->t_auth_group->ag_name != NULL) {
-log_warnx("cannot mix auth-group with "
+log_warnx("cannot use both auth-group and "
 "initiator-portal for target \"%s\"",
 target->t_name);
 free($2);
Modified: stable/10/usr.sbin/ctld/token.l
==============================================================================
--- stable/10/usr.sbin/ctld/token.l Tue Mar 25 12:10:30 2014 (r263723)
+++ stable/10/usr.sbin/ctld/token.l Tue Mar 25 12:12:37 2014 (r263724)
@@ -50,6 +50,7 @@ extern int yylex(void);
 %%
 alias { return ALIAS; }
 auth-group { return AUTH_GROUP; }
+auth-type { return AUTH_TYPE; }
 backend { return BACKEND; }
 blocksize { return BLOCKSIZE; }
 chap { return CHAP; }